1 of 11

3.1.0 Automate

Introduction

Server for building custom APIs. An API consists of an endpoint bound to a URL via HTTP, a pipe for functionality, an optional pipe for auth, and pipes that can run on a schedule.

Overview

The server leverages the API module to expose one or more URL endpoints. Each endpoint has a set of properties.

The properties decide behaviour of how to authenticate the calling client, how to treat incoming data and how to format the response back to the caller.

About this release

Release notes

This highlights the key items. For detailed information, contact Fortified ID.

3.1.0 Scheduling added

This release allows for scheduling jobs

Breaking changes

Here we highlight changes that may break previously working configurations unless adjusted to accommodate the updates below.

Updated default encryption

As of 3.1.0 default encryption has been changed. This will only affect systems where encryption is enabled.

To keep previous implementation ensure environment setting:

FORTIFIED_SECRETS_IMPL = local

Flow of the request

When a client invokes the API, the server initially cross-references the API configuration to determine if client authentication is required. If so, and if set up, authentication is processed through a PIPE. Only after successful authentication does the request get normalized and forwarded to the designated pipe for executing the core logic.

If the pipe executes without any errors, the response will carry an HTTP 200 status. Depending on the configuration and PIPE logic, the response body might include data.

On error API will return server 500 with potential error description. This can be changed using configuration.

Sending data to the API

Calling the API can be done using HTTP method POST, PUT or GET.

Sending data to the API can be done by setting HTTP headers, request parameter or as a JSON structure in the request body.

Accessing data in a valve is done by using expansion.

Example

Given the http request with body:

{
	"firstkey": "fistvalue",
	"secondkey": "secondvalue"
}

Using expansion in valve to access "firstkey" is done through ${request.firstkey}.

Lets say the request sent in something in the http header Authorization header.

Expanding data in the Authorization haders is done: ${request.header_firstkey}.

Note the "header_" prefix.

Authenticating the client

Client authentication is conducted through a PIPE. The PIPE involved in authentication has access to all data transmitted by the client. When designing an authentication PIPE, it's advisable to place the authentication data within the HTTP header.

A good design practice is to aim for lightweight authentication, especially since the client is authenticated with each request.

For enhanced security, don't rely solely on client authentication; if possible, incorporate additional layers of protection.

Installation

API server can be installed on Windows x64, Linux x64 or in a container environment.

Verifying base installation

If running in container environment be sure to expose container port 8080.

Execute HTTP-POST to http://<host_or_ip>/api/demo/?secret=password

Response should look:

{
    "success": true,
    "data": {
        "items": [
            {
                "id": "result",
                "properties": {
                    "message": "This is the result from the API demo impl pipe"
                }
            }
        ]
    }
}

Configuration API

API requires module API to be deployed. If endpoints are implemented in Pipes, the Pipes module must be deployed.

Name

Description

http_context

Base context (Default: "/api")

endpoints

List of api endpoint configurations

{
  "http_context" : "/api01",
  "endpoints" : [ ]
}

Endpoint configuration

Each API endpoint represents an API with a unique context path and configurable authentication and request/response data. Endpoint logic can be implemented by a pipe but it is not required.

Name

Description

name

Endpoint name (Mandatory)

context_path

Endpoint relative path (Optional, defaults to name)

public

Flag turning on/off authentication for this endpoint (Default: false)

auth.*

Endpoint authentication configuration

auth.pipe

Id of pipe performing endpoint authentication. Authentication is successful if pipe returns success, otherwise authentication fails. Request and response handlers are only called if authentication is successful.

request.*

Request configuration (see below for handler specific configuration)

request.handler

Name of request handler (Default: "Pipes")

response.*

Response configuration (see below for handler specific configuration)

response.handler

Name of response handler (Default: "Pipes")

{
    "name" : "svc01",
    "public" : true,
    "auth" : {
      "pipe" : "auth_pipe_01"
    },
    "request" : {
      "handler" : "DataProxy",
      "pipe" : "api_pipe_01"
    },
    "response" : {
      "handler" : "DataProxy"
    }
}

Request handlers

The request handler is a pluggable component responsible for processing the endpoint HTTP request.

Pipes

This is the default handler. Converts the API HTTP request to a pipe request containing the body, configured headers and params and request properties.

Name

Description

pipe

Id of pipe implementing the endpoint

headers

List of headers to include in pipe request. (Default: null, no headers are included)

params

List of parameters (query and/or form) to include in pipe request. (Default: "*", all params are included)

session_overload

Flag to enable session overload (i.e use specific session when calling pipes) (Default: false)

session_id

Name of request parameter containing session id for session overloading. (Default: "__session_id")

"request": {
    "handler": "Pipes",
    "pipe": "pipe_01",
    "headers": "Host",
    "params": "*",
    "session_overload": true,
    "session_id": "token"
}

ProxyData

This request handler proxies request data (i.e. the body) without modifications to a pipe. If request data is a form a new pipe request will be built containing all form params.

Response handlers

The response handler is a pluggable component responsible for producing the endpoint HTTP response.

Response handlers can only be combined with request handlers producing a compatible output.

Pipes

This is the default handler. Operates on pipe responses that may contain items. Produces a custom response body using a template or returns the pipe response as-is if no template is configured (JSON).

Name

Description

content_type

Response content type

template

Response template (see below)

status

Custom status configuration (see below)

"response": {
    "handler": "Pipes",
    "content_type": "application/json",
    "template": ""
}

ProxyData

Response handler creating a response from a pipe response containing headers and body properties.

Response templating

When using the Pipes response handler, the response can be transformed to any text format using a template.

Template scope objects

The following object are available during template rendering:

Name

Description

items

List of response items

response

The actual response

util.now

Current date/time as an ISO instant

util.uuid

Create UUID

Example template

{
    "now": "{{util.now}}",
    "count": {{items.size}},
    "elems": [
        {{#items}}
        { "id": "{{id}}" }
        {{/items}}
    ]
}

{{{response}}}

Status mapping

Pipe response reason can be mapped to a custom HTTP status code by using status mappings.

Mappings are processed in the defined order, first match wins.

Name

Description

regex

Regular expression matched against reason string

value

The HTTP status code returned on match

"status": [
  {
    "regex" : "Not found",
    "value" : 404
  },
  {
    "regex" : "Custom status.*",
    "value" : 444
  },
  {
    "regex" : ".{1,}",
    "value" : 500
  }  
]

Default configuration file

Attached is the default config.json file used when starting the default configuration.

Examples

Basic

This configuration creates a public api on context /api/svc implemented by pipe api_pipe_01.

{
  "http_context" : "/api",
  "endpoints" : [ {
    "name" : "svc",
    "public": "true",
    "request": {
      "pipe" : "api_pipe"
    }
  } ]
}

Auth

{
  "http_context" : "/api",
  "endpoints" : [ {
    "name" : "svc",
    "auth" : {
      "pipe" : "auth_pipe"
    },
    "request": {
      "pipe" : "api_pipe"
    }
  } ]
}

Template

{
  "http_context" : "/api",
  "endpoints" : [ {
    "name" : "svc",
    "public" : true,
    "auth" : {
      "pipe" : "auth_pipe"
    },
    "request": {
      "pipe" : "api_pipe"
    },
    "response" : {
      "type" : "application/json",
      "template" : "{\n    \"now\": \"{{now}}\",\n    \"count\": {{items.size}},\n    \"elems\": [\n        {{#items}}\n        { \"id\": \"{{id}}\" }\n        {{/items}}\n    ],\n    \"response\": {{{response}}}\n}"
    }
  } ]
}

Custom status

{
  "http_context" : "/api",
  "endpoints" : [ {
    "name" : "svc",
    "public" : true,
    "response" : {
      "pipe" : "api_pipe",
      "status" : [ {
        "regex" : "Custom status.*",
        "value" : 444
      } ]
    }
  } ]
}

Scheduler

Scheduler module is included and can call pipes etc. based on cron syntax pattern.

Setting up a scheduled job

See separate documentation for scheduler module.

Configuration API

API requires module API to be deployed. If endpoints are implemented in Pipes, the Pipes module must be deployed.

Since API is based on HTTP all HTTP configuration properties are supported. Find global settings .

Name

Description

http_context

Base context (Default: "/api")

endpoints

List of api endpoint configurations

{
  "http_context" : "/api01",
  "endpoints" : [ ]
}

Endpoint configuration

Each API endpoint represents an API with a unique context path and configurable authentication and request/response data. Endpoint logic can be implemented by a pipe but it is not required.

Name

Description

name

Endpoint name (Mandatory)

context_path

Endpoint relative path (Optional, defaults to name)

public

Flag turning on/off authentication for this endpoint (Default: false)

auth.*

Endpoint authentication configuration

auth.pipe

request.*

Request configuration (see below for handler specific configuration)

request.handler

Name of request handler (Default: "Pipes")

response.*

Response configuration (see below for handler specific configuration)

response.handler

Name of response handler (Default: "Pipes")

{
    "name" : "svc01",
    "public" : true,
    "auth" : {
      "pipe" : "auth_pipe_01"
    },
    "request" : {
      "handler" : "DataProxy",
      "pipe" : "api_pipe_01"
    },
    "response" : {
      "handler" : "DataProxy"
    }
}

Request handlers

The request handler is a pluggable component responsible for processing the endpoint HTTP request.

Pipes

This is the default handler. Converts the API HTTP request to a pipe request containing the body, configured headers and params and request properties.

Name

Description

pipe

Id of pipe implementing the endpoint

headers

List of headers to include in pipe request. (Default: null, no headers are included)

params

List of parameters (query and/or form) to include in pipe request. (Default: "*", all params are included)

session_overload

Flag to enable session overload (i.e use specific session when calling pipes) (Default: false)

session_id

Name of request parameter containing session id for session overloading. (Default: "__session_id")

"request": {
    "handler": "Pipes",
    "pipe": "pipe_01",
    "headers": "Host",
    "params": "*",
    "session_overload": true,
    "session_id": "token"
}

ProxyData

This request handler proxies request data (i.e. the body) without modifications to a pipe. If request data is a form a new pipe request will be built containing all form params.

Response handlers

The response handler is a pluggable component responsible for producing the endpoint HTTP response.

Response handlers can only be combined with request handlers producing a compatible output.

Pipes

Name

Description

content_type

Response content type

template

Response template (see below)

status

Custom status configuration (see below)

"response": {
    "handler": "Pipes",
    "content_type": "application/json",
    "template": ""
}

ProxyData

Response handler creating a response from a pipe response containing headers and body properties.

Response templating

When using the Pipes response handler, the response can be transformed to any text format using a template.

Template scope objects

The following object are available during template rendering:

Name

Description

items

List of response items

response

The actual response

util.now

Current date/time as an ISO instant

util.uuid

Create UUID

Example template

{
    "now": "{{util.now}}",
    "count": {{items.size}},
    "elems": [
        {{#items}}
        { "id": "{{id}}" }
        {{/items}}
    ]
}

{{{response}}}

Status mapping

Pipe response reason can be mapped to a custom HTTP status code by using status mappings.

Mappings are processed in the defined order, first match wins.

Name

Description

regex

Regular expression matched against reason string

value

The HTTP status code returned on match

"status": [
  {
    "regex" : "Not found",
    "value" : 404
  },
  {
    "regex" : "Custom status.*",
    "value" : 444
  },
  {
    "regex" : ".{1,}",
    "value" : 500
  }  
]

Default configuration file

Attached is the default config.json file used when starting the default configuration.

2KB

config.json